Microsoft has warned about a zero-day flaw in the Windows operating system that has been actively exploited in attacks on Pakistani targets.
Attackers have sent out emails asking targets to open a specially crafted Word attachment that initiates an exploit using a malformed graphics image, or TIFF file, embedded in the document.
Microsoft said it had seen attacks in the Middle East and South Asia, saying hackers could use the flaw to gain the same rights as a logged-in user.
But AlienVault Labs was more specific in its findings, saying it saw lure documents for the zero-day providing information on the Pakistan Intelligence service (Inter-Services Intelligence or ISI) and the Pakistani military.
“Based on the victim information we could retrieve from the C&C server we can confirm that most of IP addresses communicating with the C&C server are based on Pakistan,” wrote Jaime Blasco, head of AlienVault Labs.
Different kinds of payload were delivered onto target machines, all communicating over HTTP with the same command and control servers.
The attack traffic seen by AlienVault was similar to that seen in Operation Hangover, which also saw a host of Pakistani government organisations targeted.
Microsoft has issued a “Fix it” solution for the zero-day, effectively preventing the rendering of TIFF images, which might not be ideal for graphics specialists fond of TIFFs.
But the company has also recommended customers use the Enhanced Mitigation Experience Toolkit (EMET). “This will help prevent exploitation by providing mitigations to protect against the issue and should not affect usability of any programs,” said Dustin Childs, Microsoft’s group manager for the Trustworthy Computing Group.
Customers using Microsoft Windows XP, Vista and Windows Server 2008 are affected, if they’re running Microsoft Office 2003 through 2010, and all supported versions of Microsoft Lync.
To learn more about Microsoft’s fix, head to its advisory here.